The company confirmed at the end of September that it was the victim of a cyber attack that had breached the 'View As' feature as means to illegally gain access to users' private information using "Facebook access tokens", and later confirmed that the hack could also impact third-party apps using Facebook log-ins too.

Advertisement - Continue Reading Below

Following an investigation into the attack, Facebook's VP of Product Management Guy Rosen has written a blog post explaining what happened and how the accounts were compromised, before also detailing how Facebook account holders can check whether they were directly affected too.

Firstly, the kind-of good news: the attack wasn't actually as bad as we first feared, with Rosen writing "fewer people were impacted than we originally thought".

The less great news is that 30 million people still had their access tokens stolen, with 15 million people having their name and contact details accessed (including phone numbers and emails if they were listed on the profiles) while another 14 million people had these details accessed as well as several others, including username, gender, hometown, birthdate and their 15 most recent searches (to name just a few).

There, you'll be able to see bullet points detailing the attack, the investigation and what's been learned, as well as whether your account was involved by scrolling down and finding the answer to the question 'Is my Facebook account impacted by this security issue?' in a bright blue box.

Rosen continued to add that Facebook will also be sending out a customised message to each of the 30 million people affected to explain what information the attackers may have accessed and outlining "steps they can take to protect themselves" from any suspicious emails, calls or texts they may now get.

According to Rosen, the investigation into the attack is still ongoing and the company continues to operate with the FBI, Irish Data Protection Commission and other authorities, and it hasn't ruled out the possibility of any smaller-scale attacks yet either.

Rosen did also confirm that the attack "did not include Messenger, Messenger Kids, Instagram, WhatsApp, Oculus, Workplace, Pages, payments, third-party apps, or advertising or developer accounts".